Authentication Error.

Matthew Newton mcn4 at leicester.ac.uk
Thu Apr 6 12:56:00 CEST 2017


On Thu, Apr 06, 2017 at 10:20:20AM +0000, mustafa mujahid wrote:
> (1) sql_wlc_huawei: SQL-User-Name set to 'ali.asad'
> rlm_sql (sql_wlc_huawei): Reserved connection (0)
> (1) sql_wlc_huawei: EXPAND SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = '%{SQL-User-Name}' and wlan = 'y' and vlanid=SUBSTR('%{NAS-Port-Id}' ,INSTR('%{NAS-Port-Id}', '=', -1)+3) ORDER BY id
> (1) sql_wlc_huawei:    --> SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50' ,INSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50', '=', -1)+3) ORDER BY id
> (1) sql_wlc_huawei: Executing select query: SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50' ,INSTR('slot=3D0=3Bsubslot=3D0=3Bport=3D0=3Bvlanid=3D50', '=', -1)+3) ORDER BY id
> (1) sql_wlc_huawei: User found in radcheck table
> (1) sql_wlc_huawei: Conditional check items matched, merging assignment check items
> (1) sql_wlc_huawei:   NT-Password := 0x4633303443393130313932354643303241364641373646363145303444303133
> rlm_sql (sql_wlc_huawei): Released connection (0)

This is in the (outer) default server, so all the attributes are
available.

> (8) Virtual server wlc_huawei-tunnel received request
> (8)   EAP-Message = 0x02ba00431a02ba003e319bd6bf46337ff2fe2f415664c42941220000000000000000451b47de3fcf8963e5af60d7d5d328e8b77dfc3d1354ac0900616c692e61736164
> (8)   FreeRADIUS-Proxied-To = 127.0.0.1
> (8)   User-Name = "ali.asad"
> (8)   State = 0xda51e3dbdaebf9d40b2096b8dfe0e74b

These are the available inner tunnel attributes.

> (8) sql_wlc_huawei: EXPAND %{User-Name}
> (8) sql_wlc_huawei:    --> ali.asad
> (8) sql_wlc_huawei: SQL-User-Name set to 'ali.asad'
> rlm_sql (sql_wlc_huawei): Reserved connection (1)
> (8) sql_wlc_huawei: EXPAND SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = '%{SQL-User-Name}' and wlan = 'y' and vlanid=SUBSTR('%{NAS-Port-Id}' ,INSTR('%{NAS-Port-Id}', '=', -1)+3) ORDER BY id
> (8) sql_wlc_huawei:    --> SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('' ,INSTR('', '=', -1)+3) ORDER BY id
> (8) sql_wlc_huawei: Executing select query: SELECT id,UserName,Attribute,Value,op FROM radcheck_office WHERE Username = 'ali.asad' and wlan = 'y' and vlanid=SUBSTR('' ,INSTR('', '=', -1)+3) ORDER BY id
> (8) sql_wlc_huawei: WARNING: Cannot do check groups when group_membership_query is not set
> rlm_sql (sql_wlc_huawei): Released connection (1)

In the inner tunnel - attributes used in the query don't exist.

You need to either set copy_request_to_tunnel=yes in the eap/peap
configuration, or use %{outer.request:NAS-Port-Id} in the query to
get the right attribute value in there.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
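
The failure described in the reply above can be reproduced offline. This is an added example, not part of the original message or of FreeRADIUS itself: it models the `=XX` escaping visible in the debug log and the `SUBSTR`/`INSTR` expression in the query. The function names, the decoded NAS-Port-Id value, the safe-character set, and the Oracle-style treatment of an empty string as NULL are assumptions.

```python
# Added illustration. Sample requests are constructed from the debug output
# quoted in the thread; helper names are hypothetical.

# Assumed rlm_sql safe-character set; anything else is written as =XX (hex).
SAFE = set("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /")

def sql_escape(value):
    """Escape a value the way the log shows: '=' -> '=3D', ';' -> '=3B'."""
    return "".join(c if c in SAFE else "=%02X" % ord(c) for c in value)

def expand(ref, request, outer=None):
    """Expand %{ref} against a request; a missing attribute expands to ''."""
    prefix = "outer.request:"
    if ref.startswith(prefix):
        # %{outer.request:Attr} reads from the outer (pre-tunnel) request.
        request, ref = (outer or {}), ref[len(prefix):]
    return sql_escape(request.get(ref, ""))

def vlanid_from_query(expanded):
    """Model SUBSTR(s, INSTR(s, '=', -1) + 3) with s already expanded.

    Assumption: Oracle-style semantics, where '' is NULL and a comparison
    against NULL never matches, so no radcheck row can be returned.
    """
    if expanded == "":
        return None
    pos = expanded.rfind("=") + 1 + 3   # 1-based last '=' plus 3 skips '=3D'
    return expanded[pos - 1:] or None

# Outer request (1): NAS-Port-Id is present (value decoded from the log).
OUTER = {"User-Name": "ali.asad",
         "NAS-Port-Id": "slot=0;subslot=0;port=0;vlanid=50"}
# Inner tunnel request (8): only the attributes listed in the log exist.
INNER = {"User-Name": "ali.asad"}

def diagnose():
    """Return the vlanid each lookup style would compare against."""
    return {
        "outer server": vlanid_from_query(expand("NAS-Port-Id", OUTER)),
        "inner tunnel": vlanid_from_query(expand("NAS-Port-Id", INNER)),
        "inner with outer.request":
            vlanid_from_query(expand("outer.request:NAS-Port-Id", INNER, OUTER)),
    }

if __name__ == "__main__":
    for where, vlan in diagnose().items():
        print(f"{where:26} vlanid = {vlan!r}")
```

The `+3` in the query only works because the escaped `=` occupies three characters (`=3D`), which is why the expression depends on the attribute being present and escaped at expansion time.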


More information about the Freeradius-Users mailing list